CSCI 762
Advanced Cryptography
Research Paper

An analysis of the Signal Protocol

By Robert Picciotti

The Signal Protocol - An Introduction

The Signal Protocol is developed by Open Whisper Systems. The project aims to create a secure messaging protocol for use in the modern world. The protocol is used in their own app, named Signal, along with WhatsApp, Facebook Messenger, and Google Allo. The Signal app and WhatsApp both use the protocol for all messages, whereas Facebook Messenger and Google Allo only use it for "secret messages."

The Double Ratchet

A notable feature of the protocol is the Double Ratchet Algorithm. The ratchet is based on the Diffie-Hellman ratchet used for Off-the-Record (OTR) messaging. A key aim was to allow for more secure "long-lived" conversations. OTR is primarily used for instant messaging, where conversations are often ended and both parties reauthenticate the next time they communicate. Modern messaging needs tend to be focused on long-lived conversations, at times spanning years.

The authors of the Double Ratchet refer to it as "self-healing." This is because the compromise of any one message's key should not compromise the conversation as a whole. If one message in a conversation is compromised, there should be no need to worry that the whole conversation is compromised.

It is designed to detect when messages are reordered, deleted, or replayed.
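
The self-healing behaviour can be seen in a small model of the two ratchets, added here as an example and not taken from the paper or from Signal's code. It uses HMAC-SHA256 for both key derivation steps; the function names, the `info` label and the byte strings standing in for Curve25519 Diffie-Hellman outputs are assumptions made for the illustration.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """Symmetric ratchet step: return (next chain key, message key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def kdf_rk(root_key, dh_output):
    """DH ratchet step: HKDF-SHA256 (RFC 5869) with the root key as salt."""
    prk = hmac.new(root_key, dh_output, hashlib.sha256).digest()  # extract
    info = b"example-ratchet"  # hypothetical application label
    t1 = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()   # expand, block 1
    t2 = hmac.new(prk, t1 + info + b"\x02", hashlib.sha256).digest()
    return t1, t2  # (new root key, new chain key)

def message_keys(chain_key, count):
    """Turn the symmetric ratchet `count` times, collecting message keys."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return chain_key, keys

def simulate():
    # Constructed inputs: stand-ins for the initial shared secret and for
    # the Diffie-Hellman outputs the real protocol computes on Curve25519.
    root = hashlib.sha256(b"constructed shared secret").digest()
    root, chain = kdf_rk(root, b"constructed DH output 1")

    stolen = chain  # the attacker copies the chain key at this point only

    # Same chain: the stolen chain key yields the same message keys.
    chain, honest_before = message_keys(chain, 3)
    stolen, attacker_before = message_keys(stolen, 3)

    # DH ratchet step. Assumption: the attacker did not learn the new DH
    # private keys, so the fresh DH output is unknown to them.
    root, chain = kdf_rk(root, b"constructed DH output 2")
    _, honest_after = message_keys(chain, 3)

    # All the attacker can do is keep turning the old chain.
    _, attacker_after = message_keys(stolen, 3)
    return honest_before, attacker_before, honest_after, attacker_after

if __name__ == "__main__":
    hb, ab, ha, aa = simulate()
    print("same chain readable by attacker:", hb == ab)
    print("readable after DH ratchet:", bool(set(ha) & set(aa)))
```

Because each message key is an HMAC output of the chain key, holding a single message key does not let anyone run the chain forwards or backwards; only a stolen chain key exposes later messages, and only until the next DH ratchet step.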

The Primitives

The Signal Protocol's primitives are Curve25519, AES-256 and HMAC-SHA256.

Project Abstract

I will do an analysis of the security properties of the Double Ratchet Algorithm. The Double Ratchet aims to have the unique feature of being "self-healing." Through the use of short-lived session keys, it aims to make it impossible to compromise future messages even if a previous message is cracked.


